Appendix 1
Signature Verification
- Java
- Node.js
- Python
- .Net
- PHP
Step 1 : Import the required packages
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Signature;
Step 2 : Create a PublicKey object from the public key bytes
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(publicKeyBytes));
Step 3 : Create a Signature object and initialize it with the public key
Signature signature = Signature.getInstance("SHA256withRSA");
signature.initVerify(publicKey);
Step 4 : Put all parameters except signedMessage
as string and convert to bytes
response.setSequenceNo("1");
response.setSourceSystem("mxx");
response.setMsgVer("1.0");
response.setTxnID("20XX0825023XXXXX");
response.setResultCode("0");
response.setRespCd("00");
response.setOrgRespCd("00");
response.setRRN("32376300XXXX");
response.setSTAN("006XXX");
response.setAuthIdResp("945XXX");
response.setMRN("23237V6XXX");
response.setTxnDTTime("20230825143413");
response.setPaymentScheme("MC");
Gson gson = new Gson();
String jsonStr = gson.toJson(response);
byte[] messageBytes = jsonStr.getBytes();
Step 5 : Update the signature with the message bytes
signature.update(messageBytes);
Step 6 : Convert signedMessage to bytes and verify
boolean verified = signature.verify(signedMessageBytes);
Step 1 : Import the required packages
import forge from "node-forge";
Step 2 : Create a PublicKey object from the public key bytes
const publicKeyPath = "key/public.key";
const fetchPublicKey = async (path) => {
try {
const response = await fetch(path);
const publicKey = await response.text();
return publicKey;
} catch (error) {
//to do ...
}
};
const publicKey = await fetchPublicKey(publicKeyPath);
const rsaPubicKey = forge.pki.publicKeyFromPem(publicKey);
Step 3 : Put all parameters except signedMessage
as string
const request = {
sequenceNo = '1',
sourceSystem = 'mxx',
MsgVer = '1.0',
TxnID = '20230825023XXXXXX',
ResultCode = '0',
RespCd = '00',
OrgRespCd = '00',
RRN = '323763006XXX',
STAN = '006XXX',
AuthIdResp = '945XXX',
MRN = '23237V6XXX',
TxnDTTime = '20230825143413',
PaymentScheme = 'MC'
};
const json = JSON.stringify(request);
const sourceSystem = "mxx";
const jsonString = `${sourceSystem}\n${json}`;
const signature = "68acc11449277468cb5e619f16bcff62f5448fa3911a462fd52abadaf4bc8f3effb";
const decodedUrl = decodeURIComponent(signature);
const decodedBytes = atob(decodedUrl);
const byteBuffer = new Uint8Array(decodedBytes.length);
for (let i = 0; i < decodedBytes.length; i++) {
byteBuffer[i] = decodedBytes.charCodeAt(i);
}
Step 4 : Verify the signature
const md = forge.md.sha256.create();
md.update(jsonString, "utf8");
const verified = rsaPubicKey.verify(md.digest().bytes(), byteBuffer);
Step 1 : Import the required packages
import cryptography
Step 2 : Create an RSAPublicKey
object from your public key
public_key = cryptography.hazmat.primitives.asymmetric.RSAPublicKey.load_pem_public_key(
open("public_key.pem").read()
)
Step 3 : Create a PKCS1v15
padding object
padding = cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15()
Step 4 : Create a SHA256
hash object
hasher = cryptography.hazmat.primitives.hashes.SHA256()
Step 5 : Put all parameter except signedMessage
as string
request_data = OrderedDict()
request_data["sequenceNo"] = "1"
request_data["sourceSystem"] = "mxx"
request_data["MsgVer"] = "1.0"
request_data["TxnID"] = "20230825023XXXXXX"
request_data["ResultCode"] = "0"
request_data["RespCd"] = "00"
request_data["OrgRespCd"] = "00"
request_data["RRN"] = "323763006XXX"
request_data["STAN"] = "006XXX"
request_data["AuthIdResp"] = "945XXX"
request_data["MRN"] = "23237V6XXX"
request_data["TxnDTTime"] = "20230825143413"
request_data["PaymentScheme"] = "MC"
json_string = json.dumps(request_data, separators=(",", ":"))
source_system="mxx"
message = f"{source_system}\n{json_string}"
signature = "68acc11449277468cb5e619f16bcff62f5448fa3911a462fd52abadaf4bc8f3effb"
Step 6 : Use the verify()
method to verify the signature
verified = public_key.verify(
signature,
hasher.update(message).digest(),
padding=padding,
)
Step 1 : Import the required packages
using System.Security.Cryptography;
Step 2 : Create a PublicKey object from the public key bytes
var reader = System.IO.File.ReadAllText(@"E:\xxx\xxx\public.key");
RSA rsa = RSA.Create();
byte[] pubKey = Convert.FromBase64String(reader.Replace("-----BEGIN PUBLIC KEY-----", string.Empty)
.Replace("-----END PUBLIC KEY-----", string.Empty)
.Trim());
rsa.ImportSubjectPublicKeyInfo(pubKey, out _);
Step 3 : Put all parameter except signedMessage
as string
request.sequenceNo = "1",
request.sourceSystem = "mxx",
request.MsgVer = "1.0",
request.TxnID = "20230825023XXXXXX",
request.ResultCode = "0",
request.RespCd = "00",
request.OrgRespCd = "00",
request.RRN = "323763006XXX",
request.STAN = "006XXX",
request.AuthIdResp = "945XXX",
request.MRN = "23237V6XXX",
request.TxnDTTime = "20230825143413",
request.PaymentScheme = "MC"
string json = JsonConvert.SerializeObject(request);
string sourceSystem = "mxx";
string jsonString = sourceSystem + "\n" + json;
string signature = "68acc11449277468cb5e619f16bcff62f5448fa3911a462fd52abadaf4bc8f3effb";
Step 4 : Verify the signature
bool verify = rsa.VerifyData(Encoding.UTF8.GetBytes(jsonString), Encoding.UTF8.GetBytes(signature), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
Step 1 : Import the OpenSSL extension
require_once 'vendor/autoload.php';
Step 2 : Create a new OpenSSL public key
$publicKeyFNXLocation = file_get_contents('key/xxx/xxx/public.key');
$publicKeyFNX = openssl_pkey_get_public($publicKeyFNXLocation);
$publicKeyDetailsFNX = openssl_pkey_get_details($publicKeyFNX);
$publicKeyPEM = $publicKeyDetailsFNX['key'];
Step 3 : Put all parameters except signedMessage
as string
$paymentResponse->sequenceNo = '1';
$paymentResponse->sourceSystem = 'mxx';
$paymentResponse->MsgVer = '1.0';
$paymentResponse->TxnID = '20230825023XXXXXX';
$paymentResponse->ResultCode = '0';
$paymentResponse->RespCd = '00';
$paymentResponse->OrgRespCd = '00';
$paymentResponse->RRN = '323763006XXX';
$paymentResponse->STAN = '006XXX';
$paymentResponse->AuthIdResp = '945XXX';
$paymentResponse->MRN = '23237V6XXX';
$paymentResponse->TxnDTTime = '20230825143413';
$paymentResponse->PaymentScheme = 'MC';
$jsonStringResponse = json_encode($paymentResponse);
$jsonResponse = json_decode($jsonStringResponse);
$updateJsonResponse = json_encode($jsonResponse);
$minifiedJsonResponse = json_encode(json_decode($updateJsonResponse));
$sourceSystem='mxx';
$dataResponse = $sourceSystem . "\n" . $minifiedJsonResponse;
$minifiedJson = json_encode(json_decode($updateJson));
$decodedSignedMessage = '68acc11449277468cb5e619f16bcff62f5448fa3911a462fd52abadaf4bc8f3effb';
$decodedUrl = urldecode($decodedSignedMessage);
$decodedSignature = base64_decode($decodedUrl);
Step 4 : Verify the signature
$verifyResponse = openssl_verify($dataResponse, $decodedSignature, $publicKeyPEM, OPENSSL_ALGO_SHA256);